Five Requirements for QoS and Your Cloud Computing

I received a call today from one of the Largest Tier 1 providers in the world.  The salesperson on the other end was lamenting about his inability to sell cloud services to his customers.  His service offerings were hot, but the customers’ Internet connections were not.  Until his customers resolve their congestion problems, they were in a holding pattern for new cloud services.

Before I finish my story,  I promised a list of what Next Generation traffic controller can do so without further adieu, here it is.

  1. Next Generation Bandwidth controllers must be able to mitigate traffic flows originating from the Internet such that important Cloud Applications get priority.
  2. Next Generation Bandwidth controllers must NOT rely on Layer 7 DPI technology to identify traffic. (too much encryption and tunneling today for this to be viable)
  3. Next Generation Bandwidth controllers must hit a price range of $5k to $10k USD  for medium to large businesses.
  4. Next Generation Traffic controllers must not require babysitting and adjustments from the IT staff to remain effective.
  5. A Next Generation traffic controller should adopt a Heuristics-based decision model (like the one used in the NetEqualizer).

As for those businesses mentioned by the sales rep, when they moved to the cloud many of them had run into bottlenecks.  The bottlenecks were due to their iOS updates and recreational “crap” killing the cloud application traffic on their shared Internet trunk.

Their original assumption was they could use the QoS on their routers to mitigate traffic. After all, that worked great when all they had between them and their remote business logic was a nailed up MPLS network. Because it was a private corporate link, they had QoS devices on both ends of the link and no problems with recreational congestion.

Moving to the Cloud was a wake up call!  Think about it, when you go to the cloud you only control one end of the link.  This means that your router-based QoS is no longer effective, and incoming traffic will crush you if you do not do something different.

The happy ending is that we were able to help our friend at BT telecom,BT_logo by mitigating his customers’ bottlenecks. Contact us if you are interested in more details.

Six Ways to Save With Cloud Computing

I was just doing some research on the cost savings of cloud computing , and clearly it is shaking up the IT industry.  The five points in this Webroot article, “Five Financial Benefits of Moving to the Cloud”, really hit the nail on the head.   The major points are listed below.

1. Fully utilized hardware

2. Lower power costs

3. Lower people costs

4. Zero capital costs

5. Resilience without redundancy


Not listed in the article details was a 6th way you save money in the cloud.  The following is from conversations I have had with a few of our customers that have moved to the cloud.

#6)  Since your business services are in the cloud, you can ditch all those expensive MPLS links that you use to privately tie your offices to your back-end systems, and replace them with lower cost commercial Internet links. You do not really need more bandwidth.  The commodity Internet links in place are likely good enough, but… when you do this you will need a smart bandwidth shaper.

Your link to the Internet becomes ever more critical when you go the cloud.  But that does not mean bigger and more expensive pipes. Cloud applications are very lean and you do not need a big pipe to support them. You just need to make sure recreational traffic does not cut into your business applications.  Here is my shameless plug: the NetEqualizer is perfectly designed to separate out the business traffic from the recreational. Licensing is simple, and surprisingly affordable.

How Much Bandwidth do you Need for Cloud Services?

The good news is most cloud applications have a very small Internet footprint. The bad news is, if left unchecked, all that recreational video will suck the life out of your Internet connection before you know it.

The screen shot below is from a live snapshot depicting bandwidth utilization on a business network. Screen Shot 2016-01-27 at 12.26.49 PM

That top number, circled in red, is a YouTube video, and it is consuming about 3 megabits of bandwidth.  Directly underneath that are a couple of cloud service applications from Amazon, and they are consuming 1/10 of what the YouTube video demolishes.

Over the past few years I have analyzed quite a few customer systems, and I consistently see cloud-based business applications consuming  a small fraction of what video and software updates require.

For most businesses,  if they never allowed a video or software update to cross their network, they could easily handle all the cloud-based business applications without worry of running out of room on their trunks. Remember, video and updates use ten times what cloud applications consume. The savings in bandwidth utilization would be so great that  they could cut their contracted bandwidth allocation to a fraction of what they currently have.

Coming back to earth, I don’t think this plan is practical. We live in a video and software update driven world.

If you can’t outright block video and updates, the next best thing would be to give them a lower priority when there is contention on the line. The natural solution that most IT administrators gravitate to is to try to identify it by traffic type.  Although intuitively appealing, there are some major drawbacks with typecasting traffic on the fly.  The biggest drawback is that everything is coming across as encrypted traffic, and you really can’t expect to identify traffic once it is encrypted.

The good news is that you can reliably guess that your smaller footprint traffic is Cloud or Interactive (important), and those large 3 megabit + streams should get a lower priority (not as important).  For more on the subject of how to set your cloud priority we recommend reading: QoS and your Cloud Applications



NetEqualizer News: January 2016

January 2016


Enjoy another issue of NetEqualizer News! This month, we introduce our new virtual NetEqualizer offering, highlight our Tech Refreshes, preview a cool new 8.4 Release feature, and discuss our DDoS Firewall option. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Happy New Year! I hope your 2016 is off to a good start. Here at APconnections, we are starting 2016 off with a wonderful announcement:

We are going Virtual! This month, we discuss how we are embracing Network Function Virtualization (NFV). Read below to learn more about this exciting offering!

twitterAnd remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at I would love to hear from you!

In 2016, We Are Going Virtual!

As most of you know, Network Function Virtualization (NFV) has become a viable choice for many networking components. We now believe it is time to consider VM for bandwidth shaping, and are excited to announce that we will offer a NetEqualizer solution (NetEqualizer-VM) that runs on a virtual machine in 2016!

Our first offering, planned for early Q2 2016, will be targeted and tested for 100 Megabit links with 1,000 or fewer customers.

Note: There will always be reliability risks of sharing a hardware platform with other applications, hence we are starting with a relatively small footprint.

Also, in some areas of the world shipping our NetEqualizer hardware is complicated by complex trade policies, and tariffs. Thus, a Virtual offer will shorten the delivery time and reduce the mechanical overhead of hardware shipment.

Right now we are still working out all the details on NetEqualizer-VM pricing and what VMs will be supported.

If you are interested in learning more or participating in the Beta when available, please contact us!


Start The New Year With A Tech Refresh!

Our NetEqualizer Tech Refreshes are a great way to start off the new year! These short, 30 minute WebEx sessions can provide great value to you and your team and help you get the most out of your NetEqualizer. Here are just a few of the benefits:

1) Learn about new releases – we are constantly evolving and enhancing our product. Tech Refreshes can help quickly get you up-to-speed on what is new!

2) Quickly educate a new employee – our Tech Refreshes make training a new staff member on NetEqualizer a breeze!

3) Ask questions and review your configuration – use this time to make sure that your unit is optimally configured, and ask any questions you’ve been curious about with your NetEqualizer!

Schedule your Tech Refresh today by clicking the link below.

Tech Refreshes are free to all customers with valid NetEqualizer Software and Support (NSS).

We also offer onsite training for you and your team in full day seminars – contact us for availability and pricing.


8.4 Release Coming Soon!
User Interface Enhancements

In last month’s newsletter, we talked about changes coming to the regular NetEqualizer GUI. Over the next couple of months, we’ll highlight some of those changes here.

One of the changes we are most excited about is the ability to edit the configuration on the fly. See a screenshot of the Configure Hard Limits Interface below:

This makes even complex configuration changes and setup quick and easy! You’ll now be able to add, edit, and remove hard limits, pools, pool members, priority hosts, and more all from one place.


As you can see, we are also changing the look and feel to match that of RTR. Check back next month for updates on more exciting changes!

Our time frame for General Acceptance of this release is March/April of 2016.

As with all software releases, the 8.4 Release will be free to all customers with valid NetEqualizer Software and Support (NSS).


NetEqualizer DDoS Firewall In Action873a321d-b492-4f3f-9766-1b79c2231cc7

Just a reminder that our DDoS Firewall Option (DFW) is now installed at several locations, and is making a difference by heading off incoming DDoS attacks, even as you read this!

If you suspect you are being hit with sporadic or persistent DDoS attacks, the DDoS firewall option may be well worth the $3500 installation and consulting fee.

You can read more about DDoS on our blog here.

If you have any questions or would simply like to learn more, contact us!


Best Of The Blog

Ten Ways To Make Your Life As An Internet Provider Easier

By Art Reisman – CTO – APconnections

From ISPs and WISPs to networks in libraries, businesses, and universities, Internet use is on the rise. Yet, as the demand for Internet access continues to grow around the world, so do both the opportunities and challenges for service providers.

Just as quickly as your user-base grows, the obstacles facing providers begin to emerge.

From competition to unhappy customers, the venture that once seemed certain to succeed can quickly test the will of even the most battle-hardened and tech-savvy business owners and network administrators. However, for all types of Internet providers, there are ways to make the process smoother…

Photo Of The Month
What is this mountain range?
Tell us and you could win a $25 gift card!
This picture was taken by a staff member during a recent trip. The first four (4) people to email with the name of this mountain range will win a $25 gift card!
The answer for last month is: The Iowa State Court House in Des Moines, IA

Caching Your iOS Updates Made Easy

If you have talked to us about caching in recent months, you probably know that we are now lukewarm on open ended third party caching servers . The simple un-encrypted content of the Internet circa 2010 has been replaced by dynamically generated pages along with increased content encryption.  It’s not that the caching servers don’t work, it’s just that if they follow rules of good practice, the amount of data that a caching server can cache has diminished greatly over the last few years.

The good news is that Apple has realized the strain they are putting on Business and ISP networks when their updates come out. They have recently released an easy to implement low-cost caching solution specifically for Apple content.  In fact, one of our customers noted in a recent discussion group that they are using an old MAC mini to cache iOS updates for an entire College Campus.

Other notes on Caching Options

Akamai offers a cloud solution. Usually hosted at larger providers, but if you are buying bandwidth in bulk sometimes you can often piggyback on their savings and get a discount on cached traffic.

There is also a service offered by Netflix for larger providers.  However, last I checked you must be using 10 gigabits sustained Netflix traffic to qualify.

Why Are DDoS attacks so hard to block?

I started off this post thinking about whether or not moving your infrastructure to a cloud would give organizations better protection against DDoS attackers, and the short answer is: not really.

The issue with a coordinated DDoS attack is that it is usually orchestrated from a wide range of attacking computers, which are typically hijacked, and retrofitted with undetected scripts that can be turned on to send out a flood of data at target when directed by the hijacker.

When the attack is commenced all these disparate computers start sending data to your organization in unison. In order to stop  just one  of these attacking computers from flooding your network you have to cut it off upstream at the source.

Blocking the attackers incoming IP  at your local firewall doesn’t do any good because the  main pipe  coming from your upstream provider is still flooded with garbage, and most likely unusable.   So you have to follow the trail of attacking computer farther upstream. Your provider should be able to help if you can work with them, but that may or may not be effective, because the DDOS attack, if large enough can also torment your provider.   And even if you do manage to work upstream and block the IP’s where the attack is coming from , some DDOS attackers can just keep coming at you from new wave of  IP addresses.  One person acting alone can Hi-jack millions of computers from around the world and use them in waves of recurring attacks, with little effort.

How does a hijacker have the time to take over a million computers?

I’ll cover that in my next post.

As for the cloud offering protection, a cloud hosted IT infrastructure cannot provide any immunity, the cloud can be attacked; however the cloud providres might have the resources to detect and more easily block an attacker farther upstream  and a bit more quickly so there is some benefit.


See also

Regulate DDOS like pollution

DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks




IT/Tech Geek New Year Resolutions

Here are my tech geek new year resolutions for 2016.  If you have a loved one or friends that could use some help breaking away from their tech induced coma please share.

In 2016 I resolve to:

  1.  change my shirt at least once a week and take a shower ( I have been pretty good at this most of the time)
  2. when working on my laptop, purposely let the power run down and then take a break when the low power warning comes on ( yes I actually do this)
  3. find a window to look out every 15 minutes and make a mental note that that those squirrels and birds out there have it rougher than I do. (just looked out the window and saw 3 squirrels under the bird feeder)
  4. clean the food crumbs and scuz off my keyboard and screen once a week. ( my track record in 2015 was abysmal, but the upside is that nobody will touch my laptop)
  5. stop doing support calls from public places like grocery stores and airports
  6. help a random stranger every day.
  7. call my mom
  8. not to break the glass on my phone more than 3 times this year ( 3 times last year was a record, 5 if you count my iPad)
  9. make one new friend that does not play video games
  10. remind myself that wireless networks are imperfect pieces of @#$@ and not to take it personally when they fail.

Get every new post delivered to your Inbox.

Join 57 other followers

%d bloggers like this: